Cleanup
Théo Barnouin 2025-06-18 09:27:31 +02:00
parent 1fc6e03c2c
commit 8754f0d1a0
7 changed files with 2 additions and 155 deletions


@ -15,18 +15,14 @@
}; };
outputs = inputs @ { outputs = inputs @ {
self,
nixpkgs, nixpkgs,
home-manager,
agenix, agenix,
crowdsec, crowdsec,
... ...
}: let }: let
system = "x86_64-linux"; system = "x86_64-linux";
username = "tbarnouin";
proxy_host = "192.168.1.40"; proxy_host = "192.168.1.40";
pgsql_host = "192.168.1.13"; pgsql_host = "192.168.1.13";
pkgs = import nixpkgs {inherit system;};
in { in {
nixosConfigurations = { nixosConfigurations = {
nginx = nixpkgs.lib.nixosSystem { nginx = nixpkgs.lib.nixosSystem {
@ -155,23 +151,6 @@
} }
]; ];
}; };
nixarr = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
modules = [
agenix.nixosModules.default
crowdsec.nixosModules.crowdsec-firewall-bouncer
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix"
"${inputs.self}/systems/minimalVMConfig.nix"
"${inputs.self}/services"
"${inputs.self}/modules"
{
services.vm_nixarr = {
enable = true;
};
}
];
};
arr-box = nixpkgs.lib.nixosSystem { arr-box = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
specialArgs = {inherit inputs;}; specialArgs = {inherit inputs;};
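Review bot: `home-manager` is removed from the `outputs` argument set in the first hunk, but the `inputs` block that closes just above it is untouched and no lock file appears among the seven changed files, so the input presumably stays declared and pinned with no consumer. An unused flake input is still a third-party source that is re-resolved on every lock update, so I would also delete its entry from `inputs` and run `nix flake lock` to drop the pin. Dropping `self` from the formals is safe, since any remaining `${inputs.self}` references still resolve through the `inputs @` binding. The `outputs` function starts and ends outside both hunks, so the rest of its body could not be checked for leftover uses of `username` or `pkgs`.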


@ -1,4 +1,4 @@
{inputs, ...}: { {...}: {
imports = [ imports = [
./crowdsec.nix ./crowdsec.nix
]; ];


@ -1,28 +0,0 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule rec {
pname = "cs-firewall-bouncer";
version = "0.0.31";
src = fetchFromGitHub {
owner = "crowdsecurity";
repo = pname;
rev = "v${version}";
hash = "sha256-59MWll8v00CF4WA53gjHZSTFc8hpYaHENg9O7LgTCrA=";
};
vendorHash = "sha256-7Jxvg8UEjUxnIz1llvXyI2AefJ31OVdNzhWD/C8wU/Y=";
meta = with lib; {
homepage = "https://crowdsec.net/";
changelog = "https://github.com/crowdsecurity/${pname}/releases/tag/v${version}";
description = "Crowdsec bouncer for firewalls.";
longDescription = ''
crowdsec-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add them in a blocklist used by supported firewalls.
'';
license = licenses.mit;
};
}


@ -1,4 +1,4 @@
{inputs, ...}: { {...}: {
imports = [ imports = [
./nginx ./nginx
./forgejo ./forgejo


@ -1,57 +0,0 @@
{
lib,
config,
pkgs,
...
}: let
cfg = config.services.vm_jellyfin_nvidia;
in {
options.services.vm_jellyfin_nvidia = {
enable = lib.mkEnableOption "Enable minimal config";
};
config = lib.mkIf cfg.enable {
environment = {
systemPackages = with pkgs; [
nvtopPackages.nvidia
];
};
# Nvidia Hardware Acceleration config
services.xserver.videoDrivers = ["nvidia"];
hardware = {
graphics = {
enable = true;
extraPackages = with pkgs; [cudaPackages.cudatoolkit];
};
nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.latest;
nvidiaSettings = true;
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
powerManagement.finegrained = false;
# Use the NVidia open source kernel module
# Recommended by Nvidia for 20+ series GPU
open = true;
};
};
services = {
jellyfin = {
enable = true;
user = "tbarnouin";
openFirewall = true;
};
};
fileSystems."/mnt/media" = {
device = "192.168.1.125:/BIGDATA";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
];
};
};
}


@ -1,44 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
cfg = config.services.vm_netbox;
in {
options.services.vm_netbox = {
enable = lib.mkEnableOption "Enable minimal config";
pgsql_ip = lib.mkOption {
type = lib.types.str;
description = "Netbox database IP address";
};
};
config = lib.mkIf cfg.enable {
age.secrets.netbox-lapi-key = {
file = ../../secrets/netbox-lapi-key.age;
owner = "crowdsec";
};
services = {
crowdsec = {
settings.lapi.credentialsFile = "${config.age.secrets.netbox-lapi-key.path}";
localConfig = {
acquisitions = [
{
source = "journalctl";
journalctl_filter = ["_SYSTEMD_UNIT=netbox.service"];
labels = {
type = "syslog";
};
}
];
};
};
netbox = {
enable = true;
package = pkgs.netbox_3_7;
port = 8001;
};
};
networking.firewall.allowedTCPPorts = [8001];
};
}


@ -2,9 +2,6 @@
config, config,
pkgs, pkgs,
lib, lib,
inputs,
modulesPath,
microvm,
... ...
}: let }: let
cfg = config.services.micro_vm; cfg = config.services.micro_vm;